Disable WebDAV protocol on IIS 6.0 [Answered]RSS

10 replies

Last post Jul 15, 2009 03:56 PM by robmcm

  • Disable WebDAV protocol on IIS 6.0

    May 14, 2008 08:20 AM|saneaprodan|LINK

    Hi all,

     I need to disable WebDAV Http extensions on my IIS 6.0 server. I found this Microsoft link on how to do this on IIS 5.0: http://support.microsoft.com/kb/241520

    I've tried the registry settings approach, but I can still open my WSS 3.0 site using File->Open -> Open as Web Folder option.

    Also, the IIS Lockdown tool is only or IIS 4.0, 5.0.

     So how does one disable WebDav in IIS 6.0?

    IIS 6.0 WebDav

  • Re: Disable WebDAV protocol on IIS 6.0

    May 14, 2008 09:04 AM|tomkmvp|LINK

    Simple ... do not enable WebDAV in the web services configuration.
    http://support.microsoft.com/kb/332060

  • Re: Disable WebDAV protocol on IIS 6.0

    May 14, 2008 09:19 AM|saneaprodan|LINK

    I really wish it were that simple. I've disabled WebDAV extensions from Web server extensions node, but my WSS 3.0 site can still be opened using win explorer. I did mention I have SharePoint Services 3.0 installed, did I?

    Am I the only one with this behavior?

  • Re: Disable WebDAV protocol on IIS 6.0

    May 14, 2008 04:09 PM|tomkmvp|LINK

    Ahh yes, WSS does strange things to IIS.  You may get a better response in a WSS specific forum ...

  • Re: Disable WebDAV protocol on IIS 6.0

    May 14, 2008 04:23 PM|saneaprodan|LINK

    On MSDN forums I was told to look somewhere else too :)  http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=3328705&SiteID=1

     I've tried all sorts of things now, from IIS 5.0 registry settings, to IIS manager web server extensions, and even tried to deny Everyone access to the httpetx.dll from C:\WINDOWS\system32\inetsrv... and of course did an iisreset after each change... and I still can open the WSS web site using DAV client :) There's also the IIS lockdown tool, but that's only for IIS 4.0, 5.0..

    This is very, very strange...
     

  • Re: Disable WebDAV protocol on IIS 6.0

    May 15, 2008 08:05 AM|tomkmvp|LINK

    It may not be possible.  This is probably the same method used by the MS Office apps to connect to SharePoint, which is a key feature.  Killing Explorer access would most likely break Office access.

  • Re: Disable WebDAV protocol on IIS 6.0

    May 15, 2008 11:00 AM|saneaprodan|LINK

    I disabled WebDAV access by prohibiting _vti_aut/author.dll and owssvr.dll from Windows SharePoint Services 3.0 web service extensions. And yes, you are right, disabling owssvr.dll seems to break Office access to the files, while disabling _vti_aut/author.dll disabled the ability to save the file back to server.

     Here are some resources on this:  http://msdn.microsoft.com/en-us/library/ms947858.aspx. Although out of date, they did help me.

  • Re: Disable WebDAV protocol on IIS 6.0

    May 27, 2008 10:35 AM|maxtarass|LINK

    Hi

    Exact same issue here. I did a lot of digging with no success. Even made a call to Microsoft.

    I think that's a big issue, security broblem, whatever you want to call it. If you customize MOSS as we did users can always around it and use webdav to access the folders and library under MOSS..not a good design at all. It seems that there is really no way around it keeping office integration in mind.

     

  • Re: Disable WebDAV protocol on IIS 6.0

    May 27, 2008 10:53 AM|saneaprodan|LINK

     

    Thanks for sharing,

    Just wanted to see if you do have the same issue. The problem with my case is that I need to enable SOAP protocol and in the same time disable WebDAV. Now in WSS this is an atomic permission - Use Remote Interfaces. But as far as I know you can disable WebDAV while keeping "Use Client Integration Features" permission.

    Did you try to configure your permissions in such manner?

    Or do your customization rule out this possibility?

  • Re: Disable WebDAV protocol on IIS 6.0

    Jun 24, 2009 02:39 PM|jhillenbrand|LINK

     You also have to go into the NTFS permissions and make sure the WebSharing is turned off.  Remove IUSR_Machine from the permissions too.

  • Re: Disable WebDAV protocol on IIS 6.0

    Jul 15, 2009 03:56 PM|robmcm|LINK

    Sorry for the late post on this thread.

    As you have already seen, disabling the IIS WebDAV module does not affect SharePoint WebDAV because SharePoint imlements its own WebDAV functionality. Rather than attempting to change permissions or deny access to _vti_*** paths through NTFS or IIS I would suggest using URLScan to block the WebDAV verbs through [DenyVerbs] and block any paths through [DenyUrlSequences].

    Robert McMurray [MSFT]